The present invention pertains to secure telecommunication systems and more particularly to an expandable hierarchical key management system which supports the delegation of authority for certification and authentication of users.
A typical key management system is shown in U.S. Pat. No. 4,578,531, issued on Mar. 25, 1986, to J. Everhart et al. This patent teaches a key distribution system connected to each of a plurality of secure terminals. When a secure data transmission is desired, each terminal must establish communication with the key distribution center. The key distribution center then establishes the terminal's credentials and performs the security analysis required.
The disadvantage of this system is that the key distribution center must be involved in each secure communication between any two terminals. The terminals exchange their security packets of information only through the key distribution center. Each terminal must send security information to the key distribution center for verification and receive subsequent information from the key distribution center. Such multiple communications are inefficient.
Further, the above-mentioned system provides no hierarchy of security. Since all critical keying data is contained at the center, if the key distribution center's security is compromised, each user's security is also compromised.
Accordingly, it is an object of the present invention to provide a hierarchical key distribution system which permits the establishing of security directly between terminal users.